What is the difference between the Java 1.6 and 1.7 jarsigner

Question

Just noted that you can´t sign Android APKs with the Java 1.7 jarsigner. So I wonder why this is and what is the difference between the 1.6 and 1.7 signer?

Wojciech Owczarczyk · Accepted Answer · 2012-01-05T12:05:13.413

11

This is because the default digest algorithm for Java 1.7 is SHA-256 while for Java 1.6 it's SHA1withDSA.

Java 1.6 Jarsigner docs

Java 1.7 Jarsigner docs

edited Jan 05 '12 at 12:05

answered Jan 05 '12 at 08:37

Wojciech Owczarczyk

5,595
2
33
55

1

Thanks. Now I just have to find out how to tweak maven to use the right jarsigner and / or the correct sigalg. – Martin Jan 05 '12 at 10:55

Eske Rahn · Answer 2 · 2012-01-22T22:35:49.307

6

Yes you CAN use 1.7!

It is very tricky to find info on the usage with 1.7, but once found it is reasonable simple:

For keytool include

-sigalg SHA1withDSA -keyalg DSA -keysize 1024

For jarsigner include

-sigalg SHA1withDSA -digestalg SHA1

(1024 is the maximum and works, less might do the trick)

edited Jan 22 '12 at 22:35

answered Jan 22 '12 at 22:25

Eske Rahn

1,137
12
11

What is the difference between the Java 1.6 and 1.7 jarsigner

2 Answers2

Linked